Classified document transmission control

A method is disclosed for notifying both the source and intended recipient of a classified electronic message transmitted via a computer network of a delivery restriction imposed by an insufficient classification level at the recipient's system. A required classification level is transmitted by the source of a classified electronic message in association with each classified electronic message and an indication of each classified electronic message is stored in an output log at the source system. Prior to permitting delivery of a classified electronic message, the required classification level is then compared to the classification level of the intended recipient. Delivery of a classified electronic message is automatically restricted in response to an insufficient classification level at the recipient's system and a status message is then transmitted to either or both the source and the intended recipient of the classified electronic message. The recipient may be automatically prompted to attempt to obtain a classification upgrade or forward the message to an alternate recipient in response to such restriction. Additionally, the method permits an undelivered message to be destroyed by the source, the recipient, or the system in response to the failure of delivery.

CLASSIFIED DOCUMENT TRANSMISSION CONTROL



DESCRIPTION 



This invention relates generally to classified document transmission control in computer networks and provides the basis for providing notification to both the source and recipient of classified electronic messages which are undeliverable due to classification restrictions.

Electronic mail is rapidly supplanting Post Office mail as a means for communicating between individuals. One significant advantage of electronic mail is that the transmission time associated with each electronic mail message is ordinarily only seconds, or fractions of a second, as compared to Post Office mail which ordinarily requires several days.

The mailing time associated with Post Office mail often causes significant delay in the conduct of business and has been largely ignored, and consequently tolerated, until the advent of Express Mail services and electronic mail. Currently, this widespread delay of business is identified as "float" and the minimising or eliminating of this float has become one goal of business managers, efficiency experts and others hoping to increase societal productivity.

The widespread use of electronic mail systems has given rise to a problem of security. That is, the worrisome problem of delivering a sensitive electronic mail message to the terminal of a third party only to have that message intercepted and read by another due to a lack of sufficient security at the recipient's terminal. Recently, a method has been proposed whereby the delivery of a classified message will be automatically cancelled if the recipient's system profile does not match a pre-established profile which has been transmitted with the message. While this represents an enhancement over known electronic mail systems by providing a system with the ability to automatically proscribe the delivery of a classified message to a recipient whose recipient profile does not match the pre-established profile established by the source of the classified message, it does not address the problem of how to proceed once delivery of a classified message has been cancelled.

Thus, it should be obvious that a need exists for a method whereby the delivery and receipt of sensitive electronic messages may be carefully restricted and whereby the source and recipient of such electronic messages may receive notification indicating the delivery or non-delivery status of a classified message.

It is therefore an object of the present invention to provide an improved electronic message system.

The present invention provides, in a computer network, a method for automatically notifying the source of a classified electronic message transmitted via the computer network of a delivery restriction imposed by the classification level of the recipient, comprising the steps of:

transmitting a required classification level to be met by a valid receiver in association with an electronic message to a selected recipient via a computer network;

automatically comparing the transmitted required classification level with the classification level of the selected recipient;

automatically restricting delivery of the electronic message to the selected recipient in response to the failure of the classification level of the selected recipient to meet or exceed the transmitted required classification level; and

automatically transmitting the status of the delivery to the source.

Such an arrangement is thought to provide an improved electronic message system which permits restriction of the delivery and receipt of classified electronic messages while providing a notification to both the source and recipient regarding the non-delivery of such messages and can also be arranged to provide notification to a designated third party in the event of such restriction.

In one arrangement of the present invention, a required classification level is transmitted by the source of a classified electronic message in association with each classified electronic message and an indication of each such classified electronic message is stored in an output log at the source system. Prior to permitting delivery of a classified electronic message, the required classification level is then compared to the classification level of the intended recipient. Delivery of a classified electronic message is automatically restricted in response to an insufficient classification level at the recipient's system and a status message is then automatically transmitted to either or both the source and the intended recipient of the classified electronic message. It is preferred also to provide for the transmittal of a status message to a designated third party, such as a system operator. As disclosed, the receipt of a classified message bearing a classification higher than that of the intended recipient will cause the system to automatically prompt the intended recipient to attempt to obtain a classification upgrade or to forward the message to an alternate recipient bearing the proper classification level. Additionally, the method of the present invention permits an undelivered message to be destroyed by the source, the recipient or the system in response to the failure of delivery.

The present invention will be described further by way of example with reference to an embodiment thereof as illustrated in the accompanying drawings, in which:

Figure 1 depicts, in block diagram form, a Local Area Network (LAN) which links multiple users in a system wherein electronic messages may be transmitted;

Figure 2 depicts a logic flow chart illustrating the operations performed in transmitting a message in the system; and

Figure 3, in sections A and B, is a logic flow chart illustrating the operations involved at reception.

A Local Area Network (LAN) 10 is a self-contained computer network linking a plurality of users. As is illustrated, Users A, B, C, and D are each linked in Local Area Network (LAN) 10 and are capable of freely communicating electronic messages between one another within Local Area Network (LAN) 10. Those skilled in the art will appreciate that while a Local Area Network (LAN) 10 is depicted in Figure 1, the electronic message method disclosed herein may be used with other such systems such as a plurality of interactive work stations which are each coupled to a host computer.

The disclosed arrangement permits a transmitter to transmit a classified electronic message to a particular recipient and automatically generate notification messages to the recipient, a designated third party, and the source system in the event that delivery of the classified electronic message is not accomplished due to an insufficient classification level at the recipient system. Some of the activities involved can be thought of as taking place at transmission or in a "transmission system" and some may be thought of as occurring at reception or in a "reception system."

The transmission part of the disclosed operation is depicted in logic flow chart form in Figure 2, while the counterpart reception operation is depicted in logic flow chart form in Figure 3. Figure 2 and Figures 3A and 3B should be read together to fully understand the disclosed arrangement whereby notification of the inability of a recipient to receive a classified electronic message may be automatically transmitted to designated parties. Additionally, each user depicted in Figure 1 may consist of an individual, or a computer system, such as a personal computer.

Referring now to Figure 2, the operation of the transmission system will now be described, with occasional reference to Figure 1, for purpose of exposition. As depicted in block 14, the operation is begun by the selection of an electronic message for transmission at the transmission system. Those skilled in the art will appreciate that the selection of a particular message for transmission involves not only the selection of the message content but also the specification of the recipient or recipients for that particular message. Therefore, the selection of a particular message for transmission, as depicted in block 14, shall be assumed to include such specifications. Next, block 16 is used to illustrate whether or not the message selected for transmission requires a particular classification level. If not, the particular message selected by block 14 is transmitted via Local Area Network (LAN) 10 (see Figure 1) in a manner well known in the art, as illustrated in block 18.

In the event the electronic message selected for transmission as illustrated in block 14 requires a classification level, as depicted in block 16, then block 20 illustrates the setting of a particular classification level. Those skilled in the art of electronic message systems will appreciate that each individual establishment may generate its own classification level system and that such systems may differ in the number and priority of classifications which are available. Next, an indication of the message and the classification level selected is entered in the output log for the transmission system, as illustrated in block 22. Thereafter, block 24 is used to determine whether or not encryption is required. If no encryption is desired, the message is transmitted via the network, as illustrated in block 18. If, however, encryption is required, then block 26 illustrates the encryption of the classified electronic message, by any technique known in the prior art, prior to transmission of the message via the network, as illustrated in block 18.

With reference now to Figures 3A and 3B, there are depicted the operations which take place at the recipient's system. This part of the operation begins at the recipient's system with the receipt of a particular message, as illustrated in block 30. Next, block 32 is used to determine whether or not the electronic message received in block 30 is classified. If the message received is not classified, the message is then placed in the recipient's in box, as illustrated in block 34.

In the event the electronic message received at the recipient's system is classified, then block 36 depicts the retrieval of the recipient's classification, which, in the disclosed arrangement, is stored within a recipient profile associated with each recipient within the network.

Next, block 38 illustrates a determination of whether or not the classification level required by the message received at the recipient's system is met by the recipient's classification level. If the recipient possesses a suitable classification level to receive the classified electronic message, then block 40 illustrates the transmittal of an arrival notice back to the source of the classified message and the placing of the message into the recipient's in box, as illustrated in block 34.

In the event the recipient's classification level is not sufficiently high to receive the classified electronic message received at the recipient's system, then block 42 illustrates the placing of a denial notification in the recipient's input log. Of course, those skilled in the art will appreciate that such a denial notification may be carefully crafted to indicate to the recipient that a classified electronic message has arrived for which the recipient does not possess a sufficiently high classification level. This may be done simply and easily without indicating the nature of the classified electronic message.

Next, block 44 depicts the transmittal of a non-delivery notice to the source and any designated third parties. One important feature of the disclosed arrangement is that the notification of non-delivery which is automatically generated for the source of the classified electronic message may also be directed automatically to the system operator or any other designated third party. In this manner, the system may establish suitable techniques for dealing with undelivered classified electronic messages which are unique to a particular system without the necessity of requiring that all systems using this method treat undelivered classified electronic messages in the same manner.

As illustrated in block 46, the disclosed arrangement next prompts the recipient to obtain a classification upgrade. In this manner, the recipient may request and often receive a temporary or transactional classification upgrade in order to allow him to receive and review a particular classified electronic message. Block 48 then illustrates a determination of whether or not the upgrade has been obtained and, if so, block 40 illustrates the transmittal of an arrival notice to the source. Next, the classified electronic message is placed in the recipient's in box, as depicted in block 34.

In the event the recipient has not obtained a classification upgrade suitable to permit him to review the classified electronic message received, then block 50 illustrates the prompting of the recipient to forward the message to an alternate recipient. For example, the recipient may not possess a suitable classification level; however, his manager may have such a classification level and forwarding of the classified electronic message to the manager will permit communication with the intended recipient to take place to the extent the manager deems it necessary.

Block 52 now illustrates a determination of whether or not the classified electronic message has been forwarded to an alternate recipient. If so, block 54 illustrates a transmittal of a notice to the source of the classified electronic message indicating that the classified electronic message has been forwarded to an alternate recipient. Thereafter, the process returns, as illustrated in block 56, to determine whether or not the alternate recipient designated by the initial recipient possesses a sufficient classification level to receive the message, as illustrated above.

In the event the recipient has declined to forward the classified electronic message to an alternate recipient, as determined by block 52, then block 58 is used to determine whether or not the classified electronic message should be destroyed. In the event destruction of the classified electronic message is desired, block 60 may be used to determine whether or not the system protocols require automatic destruction of an undelivered classified electronic message. If so, then block 62 illustrates the destruction of the classified electronic message and a return to processing. If automatic destruction of a classified electronic message is not desired, then block 64 illustrates the prompting of the source or recipient for a destruct command. In this manner, the classified electronic message which may not be delivered can be destroyed. Finally, in the event block 58 determines that it is not necessary to destroy the classified electronic message, the process ends.
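
The reception logic of Figure 3 (blocks 30 to 64) can be sketched in Python as follows. This is an added example, not part of the original specification; the three-level scheme, the Network and Message classes, and the upgrade and forward_to callbacks are assumptions made for illustration. The loop also stops when forwarding returns to a recipient already tried, a case the flow chart does not address.

```python
from dataclasses import dataclass, field
from enum import IntEnum

class Level(IntEnum):  # assumed three-level scheme; each site defines its own
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2

@dataclass
class Message:
    msg_id: str
    source: str
    recipient: str
    body: str
    required: Level = Level.UNCLASSIFIED

@dataclass
class Network:
    profiles: dict                                  # recipient profile: user -> Level
    operator: str = "operator"                      # designated third party
    inbox: dict = field(default_factory=dict)       # user -> delivered messages
    input_log: dict = field(default_factory=dict)   # user -> denial notifications
    notices: list = field(default_factory=list)     # (addressee, msg_id, status)

    def notify(self, to, msg, status):
        # Status notices carry the message id only, never the content.
        self.notices.append((to, msg.msg_id, status))

    def receive(self, msg, upgrade=None, forward_to=None, auto_destroy=True):
        """Blocks 30-64. upgrade(user, level) and forward_to(user) are hypothetical
        callbacks standing in for the recipient's answers to the two prompts."""
        user, tried = msg.recipient, set()
        if msg.required == Level.UNCLASSIFIED:                    # block 32
            self.inbox.setdefault(user, []).append(msg)           # block 34
            return "delivered"
        while True:
            # Unknown users are treated as unclassified (fail closed).
            level = self.profiles.get(user, Level.UNCLASSIFIED)   # block 36
            if level < msg.required:                              # block 38
                self.input_log.setdefault(user, []).append(       # block 42
                    f"classified message {msg.msg_id} withheld")
                for to in (msg.source, self.operator):            # block 44
                    self.notify(to, msg, f"not delivered to {user}")
                granted = upgrade(user, msg.required) if upgrade else None
                if granted is not None:                           # blocks 46, 48
                    level = granted   # transactional: the profile is unchanged
            if level >= msg.required:
                self.notify(msg.source, msg, f"arrived at {user}")  # block 40
                self.inbox.setdefault(user, []).append(msg)         # block 34
                return "delivered"
            tried.add(user)
            alt = forward_to(user) if forward_to else None        # blocks 50, 52
            if alt is None or alt in tried:   # declined, or a forwarding cycle
                break
            self.notify(msg.source, msg, f"forwarded to {alt}")   # block 54
            user = alt                                            # block 56
        if auto_destroy:                                          # blocks 58-62
            msg.body = ""
            return "destroyed"
        return "awaiting destruct command"                        # block 64
```
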

As those skilled in the art will appreciate upon reference to the foregoing specification, by using such an arrangement, there is provided a technique whereby the non-delivery of a classified electronic message due to the inability of the recipient to provide a suitable classification level may automatically generate a notification which will be transmitted to the source of the classified electronic message, as well as to any designated third party within the system. In this manner, users may customise a protocol for handling classified electronic messages within an individual system which may accommodate almost any variation in techniques for handling the delivery or non-delivery of classified electronic messages. Co-pending application (AT9-8&^) relates to similar subject matter.



Claims

1. In a computer network, a method for automatically notifying the source of a classified electronic message transmitted via the computer network of a delivery restriction imposed by the classification level of the recipient, comprising the steps of:

transmitting a required classification level to be met by a valid receiver in association with an electronic message to a selected recipient via a computer network;

automatically comparing the transmitted required classification level with the classification level of the selected recipient;

automatically restricting delivery of the electronic message to the selected recipient in response to the failure of the classification level of the selected recipient to meet or exceed the transmitted required classification level; and

automatically transmitting the status of the delivery to the source.

2. A method as claimed in Claim 1, further including storing an indication of each transmitted electronic message along with the required classification level at the source.

3. A method as claimed in Claim 2, further including storing the transmitted status in association with the stored indication of each transmitted electronic message.

4. A method as claimed in any preceding Claim, further including automatically transmitting a notification of the delivery restriction to the selected recipient in response to the automatic restriction of delivery.

5. A method as claimed in Claim 4, further including the step of prompting the selected recipient to request an increased classification level in response to the automatic restriction of

6. A method as claimed in any preceding 
Claim, further including the step of prompting the 
source to dispose of the electronic message in 
response to the automatic restriction of delivery. 

7. A method as claimed in any preceding Claim, further including the step of automatically disposing of the electronic message in response to the automatic restriction of delivery.

8. A method as claimed in Claim 4 or any Claim appendant thereto, further including the step of prompting the selected recipient to request transmittal of the electronic message to an alternate recipient in response to the automatic restriction of delivery.